Computer System Security Incident

Emergency Date: 
January 8, 2007 - 8:30am

UA Computer System Incident
Memorandum on University Computer System Security Incident

TO: The University of Arizona Campus Community

FROM: George Davis, Executive Vice President and Provost

DATE: Monday, January 8, 2007

RE: University Computer System Security Incident

Last week, The University of Arizona detected unauthorized access into computer systems on campus, which temporarily has affected some services in three areas. Those areas include Procurement and Contracting Services (PACS), the Student Union and University Libraries.

So far, no additional breaches have been confirmed, although we continue to scan systems throughout campus. The University first confirmed the unauthorized access January 2, 2007; some servers and computers appear to have been illegally breached at different times in November and December. Hackers installed software to store files (such as movies or games) on the systems, and may have attempted to access other information. At this point, no evidence exists that data actually were accessed in any way and no evidence exists of theft, including data theft, money theft or other.

In the meantime, the University is proceeding with utmost caution to minimize the risk of further intrusion. To point: UAPD has enlisted assistance from the FBI for the criminal investigation and forensic work; affected servers immediately were removed from UA networks and analyzed to determine the nature of the breach; campus network managers were instructed to check their servers for evidence of intrusion; all affected machines temporarily have been removed from the network; and CCIT and network managers have audited (or will audit) other systems not directly connected to the breached systems but that contain or transmit sensitive information. CCIT also has implemented (or will implement) even more stringent network and server access controls. Also, the Campus Emergency Response Team (CERT) was activated for a coordinated campus response to ensure business continuity. As a precaution, JP Morgan Chase Bank, the University's P-Card (purchasing card) bank, was alerted and has implemented an appropriate level of security.

Once the University has determined whether the machines included any non-public personal information, affected individuals, if any, will be notified.

Status of affected areas:

    * PACS -- Online purchasing and surplus operations are not functioning, and a message on the PACS Web site indicates a temporary lack of online service. Manual operations are being carried out and workstations with temporary equipment have been installed. Normal operations are being reinstated, but for now staff is unable to continue projects initiated prior to the discovery.
    * UA Libraries -- (Updated 1/10/07) Although the Interlibrary Loan and Electronic Reserves have been brought back up, backlogs of requests have been building since the afternoon of Thursday, Jan. 4, so there will be a disruption of these services for the time being. Users can submit requests, but the Library is unable at this time to process these requests or gauge the extent of the backlog. Currently, materials submitted by faculty to E-Reserves prior to 1 p.m., Thursday, Jan. 4, are available. However, materials submitted to E-Reserves after 1 p.m. on Jan. 4 are not available at this time. UA personnel continue to work around the clock to rectify this issue.
    * Student Union -- Payroll processing and the UA meal plan were temporarily disrupted, but currently are available.

We greatly appreciate your understanding as we work to remedy this situation and to ensure similar situations do not occur in the future. Although the UA has exhaustive measures and systems in place to prevent security breaches and to minimize their impacts, most organizations of our size and scope receive a constant barrage of spam, viruses and intrusion attempts.

Tips regarding ways to protect your computer.